7 matches found
CVE-2023-33226
CVE-2023-33226 affects SolarWinds Network Configuration Manager (NCM). Multiple connected sources describe a Directory Traversal Remote Code Execution flaw in NCM, enabling code execution with SYSTEM privileges after exploiting path handling in ExportConfigs (root cause: improper validation of us...
CVE-2023-40054
CVE-2023-40054 relates to SolarWinds Network Configuration Manager. The connected documents confirm a Directory Traversal Remote Code Execution vulnerability that can allow a low-privilege user to execute actions with SYSTEM privileges. The core issue is consistent with a directory traversal flaw...
CVE-2023-33228
CVE-2023-33228 affects SolarWinds Network Configuration Manager. The issue permits users with administrative access to the SolarWinds Web Console to disclose sensitive information. According to NVD, AV Network, PR High, UI N, S U, C High, I/N, A None with a 3.1 base score of 4.9 (Medium). Related...
CVE-2023-33227
Summary (CVE-2023-33227): The Network Configuration Manager (SolarWinds) is affected by a Directory Traversal Remote Code Execution vulnerability. A low-level user can execute actions with SYSTEM privileges. Multiple connected sources (NVD/Red Hat/Nessus/NCSC) confirm the issue and note that reme...
CVE-2021-35226
CVE-2021-35226 affects SolarWinds Network Configuration Manager (NCM). A misconfiguration in NCM exposes a password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role. Documented impact is limited to credential expos...
CVE-2014-3459
The CVE-2014-3459 issue affects SolarWinds Network Configuration Manager (NCM) prior to version 7.3, where a heap-based buffer overflow in the PEstrarg1 property can be exploited to execute arbitrary code. The root cause is a failure to validate the input size before copying into a fixed-size hea...
CVE-2023-40055
CVE-2023-40055 affects SolarWinds Network Configuration Manager. The vulnerability is a Directory Traversal Remote Code Execution that could allow a low-privilege user to perform actions with SYSTEM privileges. The issue is noted as not resolved in CVE-2023-33227, with corroborating details from ...